Principal InfoSec & Compliance Analyst

solo.io
Summary
Join Solo.io as an Infosec and Compliance Analyst and play a pivotal role in securing our infrastructure, data, and software. You will help define, establish, and manage our corporate security strategy, working hands-on to build and define security compliance mechanisms for our products and services. Collaborate with all departments to identify compliance areas, provide expert guidance, and implement and document policies and processes. Work directly with auditors, customers, and prospects to address security requirements and inquiries. This remote role (US-based applicants) requires hands-on security compliance experience in a cloud-native environment and excellent customer-facing and technical documentation skills.
Requirements
- 3+ years of experience in information security, governance, risk, and compliance roles
- Successful track record of obtaining SOC 2 and ISO 27001 compliance
- 5+ years of SOC analyst or security compliance management experience in a cloud-native environment
- 2+ years of software development / DevOps or related experience
- 3+ years of hands-on technical experience with SaaS and cloud
- Experienced in authoring and implementing information security programs and policy frameworks
- Deep understanding and experience implementing controls for security standards and frameworks (NIST, ISO 27001/27002, OWASP, SOC 2, PCI DSS)
- Strong program management and organizational skills
- Strong communication and collaboration skills to build relationships with internal stakeholders across the organization, at the leadership level and with customers
- Cybersecurity certifications (SSCP, CompTIA Security+, etc.)
Responsibilities
- Lead and own internal cybersecurity audits to ensure operational environments stay compliant and secure
- Develop security policy documents and provide expert guidance on cybersecurity topics and policies
- Define and build security strategy and training for the company and for different teams, working internally with stakeholders and department leaders to establish security standards and processes
- Establish and maintain a security compliance plan across the company, including, but not limited to, SOC 2 and ISO 27001 compliance. This requires extensive project management and organizational skills
- As needed, own communication with customers regarding security compliance and generate responses to security questionnaires
- Manage compliance with relevant data privacy and information security laws and regulations, including, but not limited to, GDPR and CCPA
- Lead the incident response plan and cross-functional team
- Experience establishing and maintaining a security compliance program for a SaaS offering
Preferred Qualifications
- Hands-on Kubernetes experience and knowledge
- A degree in Cybersecurity or a related field
Benefits
This is a remote role for applicants based in the US